Nginx 基础
2026/1/15大约 2 分钟
Nginx 基础
安装
# Ubuntu/Debian
sudo apt update
sudo apt install nginx
# CentOS/RHEL
sudo yum install epel-release
sudo yum install nginx
# Docker
docker run -d -p 80:80 nginx配置文件结构
/etc/nginx/
├── nginx.conf # 主配置文件
├── conf.d/ # 自定义配置目录
│ └── default.conf
├── sites-available/ # 可用站点配置
├── sites-enabled/ # 启用的站点配置
└── mime.types # MIME 类型映射核心配置
nginx.conf 结构
# 全局块
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# events 块
events {
worker_connections 1024;
use epoll;
}
# http 块
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
# 日志格式
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
# 引入其他配置
include /etc/nginx/conf.d/*.conf;
}server 块
server {
listen 80;
server_name example.com www.example.com;
root /var/www/html;
index index.html;
# 访问日志
access_log /var/log/nginx/example.access.log;
error_log /var/log/nginx/example.error.log;
# location 块
location / {
try_files $uri $uri/ =404;
}
location /api {
proxy_pass http://backend;
}
# 错误页面
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
}location 匹配规则
# 匹配优先级(从高到低)
location = /exact { # 精确匹配
# 只匹配 /exact
}
location ^~ /prefix { # 前缀匹配(优先于正则)
# 匹配以 /prefix 开头的 URI
}
location ~ \.php$ { # 正则匹配(区分大小写)
# 匹配 .php 结尾的 URI
}
location ~* \.(jpg|png)$ { # 正则匹配(不区分大小写)
# 匹配 .jpg 或 .png 结尾
}
location /path { # 普通前缀匹配
# 匹配以 /path 开头的 URI
}
location / { # 默认匹配
# 匹配所有 URI
}匹配示例
# 静态文件
location ~* \.(css|js|jpg|png|gif|ico)$ {
expires 30d;
add_header Cache-Control "public, immutable";
}
# API 代理
location /api/ {
proxy_pass http://backend/;
}
# 单页应用
location / {
try_files $uri $uri/ /index.html;
}静态资源服务
server {
listen 80;
server_name static.example.com;
root /var/www/static;
# 开启 gzip
gzip on;
gzip_types text/plain text/css application/json application/javascript;
# 缓存设置
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 30d;
add_header Cache-Control "public, no-transform";
}
# 禁止访问隐藏文件
location ~ /\. {
deny all;
}
}HTTPS 配置
server {
listen 443 ssl http2;
server_name example.com;
# SSL 证书
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;
# SSL 配置
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# HSTS
add_header Strict-Transport-Security "max-age=31536000" always;
root /var/www/html;
}
# HTTP 重定向到 HTTPS
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}常用命令
# 启动
nginx
sudo systemctl start nginx
# 停止
nginx -s stop
sudo systemctl stop nginx
# 重载配置
nginx -s reload
sudo systemctl reload nginx
# 测试配置
nginx -t
# 查看版本
nginx -v
nginx -V # 详细信息日志分析
# 自定义日志格式
log_format json '{"time":"$time_iso8601",'
'"remote_addr":"$remote_addr",'
'"method":"$request_method",'
'"uri":"$uri",'
'"status":$status,'
'"body_bytes_sent":$body_bytes_sent,'
'"request_time":$request_time,'
'"upstream_response_time":"$upstream_response_time"}';
access_log /var/log/nginx/access.json json;# 统计访问量
cat access.log | wc -l
# 统计 IP 访问次数
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -10
# 统计状态码
awk '{print $9}' access.log | sort | uniq -c | sort -rn
# 统计请求 URL
awk '{print $7}' access.log | sort | uniq -c | sort -rn | head -10